From zdnet.com
![Ruby](https://zdnet1.cbsistatic.com/hub/i/2019/07/08/79e963f3-ef3b-46df-b797-d54bbccccad0/24c6bbb7706ccb43f7b9f075021c85fe/ruby-logo.png)
A diligent developer’s security practices have uncovered a dangerous backdoor in a popular Ruby library for checking the password strength of user-chosen passwords.
The malicious code would check if the library was being used in a test or production environment. When in production, it would download and run a second payload downloaded from Pastebin.com, a text hosting portal.
This second payload would create the actual backdoor in the apps and websites that used the library — named strong_password.